David Endler DEndler at iDefense.com
Wed Oct 23 22:48:23 EDT 2002

Mark et al,

I think perhaps Noam's section needs some more expansion on how to
methodically look for XSS (attack tree?) and the potentially common bad
characters sets to check as well as tools, etc.  The person responsible for
SQL injection was cut form the project due to non participation, so the
section is up for grabs (  

Feel free to add to or rewrite these sections  :-)  That's the point of peer


> -----Original Message-----
> From: owasp-testing-admin at lists.sourceforge.net
> [mailto:owasp-testing-admin at lists.sourceforge.net]On Behalf Of Mark
> Curphey
> Sent: Wednesday, October 23, 2002 3:04 PM
> To: owasp-testing at lists.sourceforge.net
> Subject: [OWASP-TESTING] Editing
> Dave et all
> I just downloaded the draft from Sourceforge to look at and make some
> comments / revisions. Maybe its me but I can't see the sections on how
> to test for the common problems such as XSS and SQL injection that I
> thought were going to be core to this document. 
> Am I missing a version or should I write them  ?
> -------------------------------------------------------
> This sf.net email is sponsored by: Influence the future 
> of Java(TM) technology. Join the Java Community 
> Process(SM) (JCP(SM)) program now. 
> http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0002en
> _______________________________________________
> owasp-testing mailing list
> owasp-testing at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-testing

More information about the Owasp-testing mailing list